1 /* HttpsURLConnection.java -- an HTTPS connection. 2 Copyright (C) 2004, 2006 Free Software Foundation, Inc. 3 4 This file is part of GNU Classpath. 5 6 GNU Classpath is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2, or (at your option) 9 any later version. 10 11 GNU Classpath is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with GNU Classpath; see the file COPYING. If not, write to the 18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19 02110-1301 USA. 20 21 Linking this library statically or dynamically with other modules is 22 making a combined work based on this library. Thus, the terms and 23 conditions of the GNU General Public License cover the whole 24 combination. 25 26 As a special exception, the copyright holders of this library give you 27 permission to link this library with independent modules to produce an 28 executable, regardless of the license terms of these independent 29 modules, and to copy and distribute the resulting executable under 30 terms of your choice, provided that you also meet, for each linked 31 independent module, the terms and conditions of the license of that 32 module. An independent module is a module which is not derived from 33 or based on this library. If you modify this library, you may extend 34 this exception to your version of the library, but you are not 35 obligated to do so. If you do not wish to do so, delete this 36 exception statement from your version. */ 37 38 39 package javax.net.ssl; 40 41 import java.net.HttpURLConnection; 42 import java.net.URL; 43 import java.security.Principal; 44 import java.security.cert.Certificate; 45 import java.security.cert.X509Certificate; 46 47 /** 48 * A URL connection that connects via the <i>Secure Socket Layer</i> 49 * (<b>SSL</b>) for HTTPS connections. 50 * 51 * <p>This class may be used in the same way as {@link 52 * HttpURLConnection}, and it will transparently negotiate the SSL 53 * connection. 54 * 55 * @author Casey Marshall (rsdio@metastatic.org) 56 */ 57 public abstract class HttpsURLConnection extends HttpURLConnection 58 { 59 60 // Fields. 61 // ------------------------------------------------------------------ 62 63 /** 64 * The default verifier. 65 * This is lazily initialized as required. 66 * @see #getDefaultHostnameVerifier 67 */ 68 private static HostnameVerifier defaultVerifier; 69 70 /** 71 * The default factory. 72 * This is lazily initialized as required. 73 * @see #getDefaultSSLSocketFactory 74 */ 75 private static SSLSocketFactory defaultFactory; 76 77 /** 78 * The hostname verifier used for this connection. 79 */ 80 protected HostnameVerifier hostnameVerifier; 81 82 /** 83 * This connection's socket factory. 84 */ 85 private SSLSocketFactory factory; 86 87 // Constructor. 88 // ------------------------------------------------------------------ 89 90 /** 91 * Creates a new HTTPS URL connection. 92 * 93 * @param url The URL of the connection being established. 94 * @specnote This was marked as throwing IOException in 1.4, 95 * but this was removed in 1.5. 96 */ HttpsURLConnection(URL url)97 protected HttpsURLConnection(URL url) 98 { 99 super(url); 100 } 101 102 // Class methods. 103 // ------------------------------------------------------------------ 104 105 /** 106 * Returns the default hostname verifier used in all new 107 * connections. 108 * If the default verifier has not been set, a new default one will be 109 * provided by this method. 110 * 111 * @return The default hostname verifier. 112 */ getDefaultHostnameVerifier()113 public static synchronized HostnameVerifier getDefaultHostnameVerifier() 114 { 115 if (defaultVerifier == null) 116 { 117 defaultVerifier = new TrivialHostnameVerifier(); 118 } 119 return defaultVerifier; 120 } 121 122 /** 123 * Sets the default hostname verifier to be used in all new 124 * connections. 125 * 126 * @param newDefault The new default hostname verifier. 127 * @throws IllegalArgumentException If <i>newDefault</i> is null. 128 * @throws SecurityException If there is a security manager 129 * currently installed and the caller does not have the {@link 130 * SSLPermission} "setHostnameVerifier". 131 */ setDefaultHostnameVerifier(HostnameVerifier newDefault)132 public static void setDefaultHostnameVerifier(HostnameVerifier newDefault) 133 { 134 if (newDefault == null) 135 throw new IllegalArgumentException("default verifier cannot be null"); 136 SecurityManager sm = System.getSecurityManager(); 137 if (sm != null) 138 sm.checkPermission(new SSLPermission("setHostnameVerifier")); 139 synchronized (HttpsURLConnection.class) 140 { 141 defaultVerifier = newDefault; 142 } 143 } 144 145 /** 146 * Returns the default SSL socket factory used in all new 147 * connections. 148 * If the default SSL socket factory has not been set, a new default one 149 * will be provided by this method. 150 * 151 * @return The default SSL socket factory. 152 */ getDefaultSSLSocketFactory()153 public static synchronized SSLSocketFactory getDefaultSSLSocketFactory() 154 { 155 if (defaultFactory == null) 156 { 157 try 158 { 159 defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); 160 } 161 catch (Throwable t) 162 { 163 t.printStackTrace(); 164 } 165 } 166 return defaultFactory; 167 } 168 169 /** 170 * Sets the default SSL socket factory to be used in all new 171 * connections. 172 * 173 * @param newDefault The new socket factory. 174 * @throws IllegalArgumentException If <i>newDefault</i> is null. 175 * @throws SecurityException If there is a security manager 176 * installed and a call to {@link 177 * SecurityManager#checkSetFactory()} fails. 178 */ setDefaultSSLSocketFactory(SSLSocketFactory newDefault)179 public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault) 180 { 181 if (newDefault == null) 182 throw new IllegalArgumentException("default factory cannot be null"); 183 SecurityManager sm = System.getSecurityManager(); 184 if (sm != null) 185 sm.checkSetFactory(); 186 synchronized (HttpsURLConnection.class) 187 { 188 defaultFactory = newDefault; 189 } 190 } 191 192 // Instance methods. 193 // ------------------------------------------------------------------ 194 195 /** 196 * Returns the current hostname verifier for this instance. 197 * 198 * @return The hostname verifier. 199 */ getHostnameVerifier()200 public HostnameVerifier getHostnameVerifier() 201 { 202 if (hostnameVerifier == null) 203 { 204 hostnameVerifier = getDefaultHostnameVerifier(); 205 } 206 return hostnameVerifier; 207 } 208 209 /** 210 * Sets the hostname verifier for this instance. 211 * 212 * @param hostnameVerifier The new verifier. 213 * @throws IllegalArgumentException If <i>hostnameVerifier</i> is 214 * null. 215 */ setHostnameVerifier(HostnameVerifier hostnameVerifier)216 public void setHostnameVerifier(HostnameVerifier hostnameVerifier) 217 { 218 if (hostnameVerifier == null) 219 throw new IllegalArgumentException("verifier cannot be null"); 220 this.hostnameVerifier = hostnameVerifier; 221 } 222 223 /** 224 * Returns the current SSL socket factory for this instance. 225 * 226 * @return The current SSL socket factory. 227 */ getSSLSocketFactory()228 public SSLSocketFactory getSSLSocketFactory() 229 { 230 if (factory == null) 231 { 232 factory = getDefaultSSLSocketFactory(); 233 } 234 return factory; 235 } 236 237 /** 238 * Sets the SSL socket factory for this instance. 239 * 240 * @param factory The new factory. 241 * @throws IllegalArgumentException If <i>factory</i> is null. 242 */ setSSLSocketFactory(SSLSocketFactory factory)243 public void setSSLSocketFactory(SSLSocketFactory factory) 244 { 245 if (factory == null) 246 throw new IllegalArgumentException("factory cannot be null"); 247 this.factory = factory; 248 } 249 250 /** 251 * Returns the local principal for this connection. 252 * 253 * <p>The default implementation will return the {@link 254 * javax.security.x500.X500Principal} for the end entity certificate 255 * in the local certificate chain if those certificates are of type 256 * {@link java.security.cert.X509Certificate}. Otherwise, this 257 * method returns <code>null</code>. 258 * 259 * @return The local principal. 260 * @since 1.5 261 */ getLocalPrincipal()262 public Principal getLocalPrincipal () 263 { 264 Certificate[] c = getLocalCertificates (); 265 if (c != null && c.length > 0 && (c[0] instanceof X509Certificate)) 266 return ((X509Certificate) c[0]).getSubjectX500Principal (); 267 return null; 268 } 269 270 /** 271 * Returns the remote peer's principal for this connection. 272 * 273 * <p>The default implementation will return the {@link 274 * javax.security.x500.X500Principal} for the end entity certificate 275 * in the remote peer's certificate chain if those certificates are 276 * of type {@link java.security.cert.X509Certificate}. Otherwise, 277 * this method returns <code>null</code>. 278 * 279 * @return The remote principal. 280 * @throws SSLPeerUnverifiedException If the remote peer has not 281 * been verified. 282 * @since 1.5 283 */ getPeerPrincipal()284 public Principal getPeerPrincipal () throws SSLPeerUnverifiedException 285 { 286 Certificate[] c = getServerCertificates (); 287 if (c != null && c.length > 0 && (c[0] instanceof X509Certificate)) 288 return ((X509Certificate) c[0]).getSubjectX500Principal (); 289 return null; 290 } 291 292 // Abstract methods. 293 // ------------------------------------------------------------------- 294 295 /** 296 * Returns the cipher name negotiated for this connection. 297 * 298 * @return The cipher name. 299 * @throws IllegalStateException If the connection has not yet been 300 * established. 301 */ getCipherSuite()302 public abstract String getCipherSuite(); 303 304 /** 305 * Returns the certificates used on the local side in this 306 * connection. 307 * 308 * @return The local certificates. 309 * @throws IllegalStateException If the connection has not yet been 310 * established. 311 */ getLocalCertificates()312 public abstract Certificate[] getLocalCertificates(); 313 314 /** 315 * Returns the certificates sent by the other party. 316 * 317 * @return The peer's certificates. 318 * @throws IllegalStateException If the connection has not yet been 319 * established. 320 * @throws SSLPeerUnverifiedException If the peer could not be 321 * verified. 322 */ getServerCertificates()323 public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException; 324 } 325